North American Network Operators Group

Re: disabling SMTP
On Mon, 29 Mar 2004 07:20:47 -0500 Rob Nelson <[email protected]> wrote:
> Richard Welty wrote:
> >when smtp fixup is on (default on many older pixes, i gather that there
> >may be some improvements on newer pixes), the smtp banner
> >is mostly obscured by * characters. the intent is a classic security
> >by obscurity play, to hide the type and version of the MTA behind
> >the pix.

> Okay, so this is a problem when an SMTP server is hosted behind the PIX?

yes.

> I
> thought the fixup statements were for outbound connections, and with it on
> right now I get the full banner from SMTP servers. I don't host an SMTP
> server myself, so can't check that.

nope, they mangle inbound connections too.

in addition to the banner obscuration, i (and others) have seen
patterns of intermittent, arbitrary disconnections of SMTP sessions
when fixup is turned on. this is harder to diagnose, though, because
there is a TCP bug in some variants of Outlook that causes similar
behavior. those of us running exim as an MTA a couple of revs back had
to patch our installs to work around the Outlook TCP bug. i believe that
patch is now permanently part of exim, as it is unlikely that the
Outlook bug will ever entirely go away.

richard
--
Richard Welty [email protected]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
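Added example, not part of the original message: a small Python check an operator could run against a greeting captured from their own mail server to see whether a middlebox has replaced most of the 220 banner with * characters, as described above. The sample greetings, the function names and the 0.5 threshold are assumptions made for illustration.

```python
import re

# Constructed sample greetings (not captured from any real host).
SAMPLE_CLEAR = "220 mail.example.org ESMTP Exim 4.x ready\r\n"
SAMPLE_MASKED = "220 ************************0*0*0*****200*******\r\n"
SAMPLE_MULTI = "220-mail.example.org ESMTP\r\n220 ready\r\n"

# An SMTP reply line: three-digit code, '-' (more lines follow) or ' ' (last line), text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_greeting(raw):
    """Return (code, text) for an SMTP greeting, joining 'NNN-' continuation lines."""
    code, parts = None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError("not an SMTP reply line: %r" % line)
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed mid-greeting")
        code = m.group(1)
        parts.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the final line
            break
    if code is None:
        raise ValueError("empty greeting")
    return code, " ".join(parts)


def looks_masked(raw, threshold=0.5):
    """True when at least `threshold` of a 220 banner's visible characters are '*'.

    The threshold is an assumption: an unmodified banner normally contains no
    asterisks at all, while a masked one is described as mostly asterisks.
    """
    code, text = parse_greeting(raw)
    visible = text.replace(" ", "")
    if code != "220" or not visible:
        return False
    return visible.count("*") / len(visible) >= threshold


if __name__ == "__main__":
    for name, raw in [("clear", SAMPLE_CLEAR), ("masked", SAMPLE_MASKED), ("multi", SAMPLE_MULTI)]:
        print(name, parse_greeting(raw), "masked" if looks_masked(raw) else "intact")
```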